Add profile_id parameter to 'request_certificate'

Add the profile_id parameter to the 'request_certificate' function
and update call sites.

Also remove multiple occurrences of the default profile ID
'caIPAserviceCert'.

Part of: https://fedorahosted.org/freeipa/ticket/57

Reviewed-By: Martin Basti <mbasti@redhat.com>
This commit is contained in:
Fraser Tweedale 2015-05-08 02:23:24 -04:00 committed by Jan Cholasta
parent c09bd35e7c
commit 4cf2bfcaa6
6 changed files with 12 additions and 6 deletions

View File

@ -90,7 +90,7 @@ def assert_equal(trial, reference):
api.log.info('******** Testing ra.request_certificate() ********') api.log.info('******** Testing ra.request_certificate() ********')
request_result = ra.request_certificate(csr) request_result = ra.request_certificate(csr, ra.DEFAULT_PROFILE)
if verbose: print "request_result=\n%s" % request_result if verbose: print "request_result=\n%s" % request_result
assert_equal(request_result, assert_equal(request_result,
{'subject' : subject, {'subject' : subject,

View File

@ -436,7 +436,7 @@ class cert_request(VirtualCommand):
# Request the certificate # Request the certificate
result = self.Backend.ra.request_certificate( result = self.Backend.ra.request_certificate(
csr, request_type=request_type) csr, 'caIPAserviceCert', request_type=request_type)
cert = x509.load_certificate(result['certificate']) cert = x509.load_certificate(result['certificate'])
result['issuer'] = unicode(cert.issuer) result['issuer'] = unicode(cert.issuer)
result['valid_not_before'] = unicode(cert.valid_not_before_str) result['valid_not_before'] = unicode(cert.valid_not_before_str)

View File

@ -47,6 +47,8 @@ INCLUDED_PROFILES = {
(u'caIPAserviceCert', u'Standard profile for network services', True), (u'caIPAserviceCert', u'Standard profile for network services', True),
} }
DEFAULT_PROFILE = u'caIPAserviceCert'
class Dogtag10Constants(object): class Dogtag10Constants(object):
DOGTAG_VERSION = 10 DOGTAG_VERSION = 10
UNSECURE_PORT = 8080 UNSECURE_PORT = 8080

View File

@ -386,7 +386,7 @@ class CertDB(object):
# We just want the CSR bits, make sure there is nothing else # We just want the CSR bits, make sure there is nothing else
csr = pkcs10.strip_header(csr) csr = pkcs10.strip_header(csr)
params = {'profileId': 'caIPAserviceCert', params = {'profileId': dogtag.DEFAULT_PROFILE,
'cert_request_type': 'pkcs10', 'cert_request_type': 'pkcs10',
'requestor_name': 'IPA Installer', 'requestor_name': 'IPA Installer',
'cert_request': csr, 'cert_request': csr,

View File

@ -1284,6 +1284,8 @@ class ra(rabase.rabase):
""" """
Request Authority backend plugin. Request Authority backend plugin.
""" """
DEFAULT_PROFILE = dogtag.DEFAULT_PROFILE
def __init__(self): def __init__(self):
if api.env.in_tree: if api.env.in_tree:
self.sec_dir = api.env.dot_ipa + os.sep + 'alias' self.sec_dir = api.env.dot_ipa + os.sep + 'alias'
@ -1541,9 +1543,10 @@ class ra(rabase.rabase):
return cmd_result return cmd_result
def request_certificate(self, csr, request_type='pkcs10'): def request_certificate(self, csr, profile_id, request_type='pkcs10'):
""" """
:param csr: The certificate signing request. :param csr: The certificate signing request.
:param profile_id: The profile to use for the request.
:param request_type: The request type (defaults to ``'pkcs10'``). :param request_type: The request type (defaults to ``'pkcs10'``).
Submit certificate signing request. Submit certificate signing request.
@ -1575,7 +1578,7 @@ class ra(rabase.rabase):
http_status, http_reason_phrase, http_headers, http_body = \ http_status, http_reason_phrase, http_headers, http_body = \
self._sslget('/ca/eeca/ca/profileSubmitSSLClient', self._sslget('/ca/eeca/ca/profileSubmitSSLClient',
self.env.ca_ee_port, self.env.ca_ee_port,
profileId='caIPAserviceCert', profileId=profile_id,
cert_request_type=request_type, cert_request_type=request_type,
cert_request=csr, cert_request=csr,
xml='true') xml='true')

View File

@ -67,11 +67,12 @@ class rabase(Backend):
""" """
raise errors.NotImplementedError(name='%s.get_certificate' % self.name) raise errors.NotImplementedError(name='%s.get_certificate' % self.name)
def request_certificate(self, csr, request_type='pkcs10'): def request_certificate(self, csr, profile_id, request_type='pkcs10'):
""" """
Submit certificate signing request. Submit certificate signing request.
:param csr: The certificate signing request. :param csr: The certificate signing request.
:param profile_id: Profile to use for this request.
:param request_type: The request type (defaults to ``'pkcs10'``). :param request_type: The request type (defaults to ``'pkcs10'``).
""" """
raise errors.NotImplementedError(name='%s.request_certificate' % self.name) raise errors.NotImplementedError(name='%s.request_certificate' % self.name)